Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update
🔗 CVE IDs covered (13)
📋 Description
CVE-2023-0464 — openssl: Denial of service by excessive resource usage in verifying X509 policy constraints CVE-2023-0465 — openssl: Invalid certificate policies in leaf certificates are silently ignored CVE-2023-0466 — openssl: Certificate policy check not enabled CVE-2023-2650 — openssl: Possible DoS translating ASN.1 object identifiers CVE-2023-3446 — openssl: Excessive time spent checking DH keys and parameters CVE-2023-3817 — OpenSSL: Excessive time spent checking DH q parameter value CVE-2023-38039 — curl: out of heap memory issue due to missing limit on header quantity CVE-2023-38545 — curl: heap based buffer overflow in the SOCKS5 proxy handshake CVE-2023-38546 — curl: cookie injection with none file CVE-2023-39615 — libxml2: crafted xml can cause global buffer overflow CVE-2023-41081 — httpd: Apache Tomcat Connectors (mod_jk) Information Disclosure CVE-2023-45802 — mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) CVE-2023-45853 — zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6
🔗 References (16)
- selfhttps://access.redhat.com/errata/RHSA-2023:7626
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2181082
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2182561
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2182565
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2207947
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2224962
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2227852
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2235864
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2238847
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2239135
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2241933
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2241938
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2243877
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2244556
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7626.json